September 14, 2016

WSJ: A Privacy Lesson, Courtesy of Zuckerberg

Mark Zuckerberg created a stir over an Instagram post this summer of him at his desk. If you look closely, you’ll see tape covering the Facebook CEO’s laptop camera and microphone jack. Does he know something we don’t? Well, yes.

Hackers are virtually (pun intended) everywhere. Mr. Zuckerberg’s Twitter and Pinterest accounts were hacked in early June, before the photo was taken. The Democratic National Committee had 20,000 emails released on WikiLeaks right before the party’s July convention. The Federal Reserve recently admitted it’s had more than 50 cyberbreaches over the past five years. In August the National Security Agency, which says its role is to “lead the U.S. Government in cryptology,” got, you guessed it, hacked.

There are essentially three reasons to hack into someone else’s systems: cash, control or cred—as in street cred. Debit and credit cards are usually the prize. Target and other retailers got nailed a few years ago, resulting in those annoying chip cards, which are slower but supposed to be more secure. Except researchers at NCR Corp. told a recent Black Hat security conference that they’ve hacked those too. Time to go back to cash?

As for control, Hillary Clinton claims, “We know that Russian Intelligence services hacked into the DNC.” Uh huh. If the Russians were controlling our elections, wouldn’t Bernie Sanders have won the primary? Control is a real concern, especially when it comes to stock exchanges, power plants or nuclear launch codes. But these are, one hopes, the most guarded targets, with multilayered offline security.

Which brings us to cred. Many hackers hack just because they can. The “dark web,” basically hidden websites, and internet relay chat channels like Hackerfleet and OnionIRC light up with ideas and exploits and bragging rights. To me, these hacks, while they can be damaging, are like a Freedom of Information Act for the internet. We only know about Mrs. Clinton’s private email server, for instance, because Sidney Blumenthal’s AOL account was hacked in March 2013. AOL?

So, is privacy dead?

Not really. Any financial company that gets hacked is not doing its job and you should drop it. Security tools are getting better though more expensive. While they are a burden on customers and employees—extra time and passwords to remember—it’s better than losing money or having your dirty laundry aired. Ask Sony.

Don’t trust institutions—you have to protect yourself. Encrypt everything. A phone with fingerprint access is a must. Keep valuable information offline—“air gap” by unplugging the Ethernet cable. Use multifactor or two-step authentication. With two-step, when you log in to your email from a new device, you’re asked for a six-digit code that gets texted to your phone. Unless they have your phone, no one in China or Estonia is going to steal your email, even if they know your password. Mine is Bosco.

OK, I probably shouldn’t have told you that. Remember the CEO of LifeLock who shared his Social Security number in 2007, claiming he couldn’t be hacked? It wasn’t long before someone successfully took out a loan in his name. Now where is that duct tape for my laptop?